Spark works hard to ensure the security of our own networks and to support our corporate and enterprise customers with their security needs. Learn about Spark managed security solutions
How we manage cyber security
Spark networks, products, and services are built with multiple checks in place during the ‘design’, ‘build’ and ‘operate’ phases. This ensures they are deployed with best practice security controls. For example, access controls support the principle of least privilege and help ensure sensitive data is handled with appropriate safeguards.
Spark’s Critical Asset Protection Program (CAPP) framework ensures that Spark’s most valuable and sensitive information assets are well understood, adequately protected, and continuously assured. Our processes help ensure appropriate ownership, oversight, and ongoing risk management of Spark’s IT systems and the data we process.
People play an important role in helping to detect and defend against potential cyber security threats. To help our staff identify and mitigate potential threats, everyone at Spark is required to undertake annual cyber security training, including when they first join.
In addition, we have one of the largest security operation centres in the country, with more than 100 security experts. Our experts actively work to protect Spark’s environment and oversee our broader cyber security programme.
Tools and frameworks
We have invested heavily in building our threat intelligence platform and adopting industry best practice frameworks. This ensures we continue to evolve our ability to protect against, detect and respond to potential threats. Frameworks we leverage to improve Spark overall Cyber security effectiveness, maturity and posture include (and are not limited to):
Our security roadmap includes ongoing investment in automation, orchestration and machine learning. This enables us to stay ahead of ever evolving security threats and enhance our wider cyber security capabilities.
In the event that something unplanned disrupts our IT environment, we also have a defined Spark cyber security incident response plan which governs our response.
Our Chief Information Security Officer (CISO), Josh Bahlman, reports directly into Spark’s Executive Leadership Team via the Chief Operating Officer. The CISO has responsibility for cyber security at Spark. All members of the Spark Board’s Audit and Risk Management Committee have governance responsibility. Josh Bahlman holds a ‘Best Security Leader Award’ from the New Zealand Information Security Awards. Our processes are independently assured by our risk and internal audit functions and are often externally validated by qualified cyber security consultants or auditors.
Cyber security certifications
We work to ensure we operate at a high standard using continuous assessment and measurement of our cyber security maturity level. We govern our security programme using the industry’s best practice frameworks and certifications, including the following:
Forum of Incident Response and Security Teams (FIRST)
Spark Security Incident Response Team (S-SIRT) is an official member of FIRST, a global body through which S-SIRTs globally unite to create a safer internet.
NZ Internet Task force (NZITF)
Spark SIRT is a member of NZITF, a national security trust group.
Collaborating with Government
Spark has a strong working relationship with both CERT NZ, the Government Communications Security Bureau (GCSB) and DIA. We help respond to major national security events that have the potential to severely impact critical infrastructure and organisations. For example, in 2021, Spark worked with DIA to identify and contact the users of mobiles infected by FluBot malware.
Threat intelligence partners
Spark has an established and mature threat intelligence program. This involves sharing and ingesting indicators of compromise (IOC) with local and international partners. Through this, Spark is able to leverage insights that help us to protect and monitor the security of Spark, and our consumers and managed security services customers.
New Zealand Telecommunications Forum (TCF)
As a member of the TCF, Spark works with the industry to block numbers linked to fraudulent or inappropriate activity. We also block access to URLs featured in scam texts. Where possible, our security and fraud teams work with law enforcement to identify and shut down scamming operations.
We regularly educate and alert customers on fraudulent activity. This can be through direct customer communications, regular updates on our scam alert website, and sharing alerts about widespread scams on our social media channels. We also partner with Netsafe on its educational scam call brochure, and we ensure our customer service teams are equipped to assist with scam call queries.